subjack

subjack is a Hostile Subdomain Takeover tool written in Go designed to scan a list of subdomains concurrently and identify ones that are able to be hijacked. With Go’s speed and efficiency, this tool really stands out when it comes to mass-testing. Always double check the results manually to rule out false positives.

Installing

You need have Go installed. Full details of installation and set up can be found here.

go build subjack.go

How To Use:

./subjack -w domains.txt -t 100 -timeout 30 -o results.txt -https

• -w domains.txt is your list of subdomains. I recommend using cname.sh (included in a repository) to sift through your subdomain list for ones that have CNAME records attached and use that list to optimize and speed up testing.
• -t is the number of threads (Default: 10 threads).
• -timeout is the seconds to wait before timeout connection (Default: 10 seconds).
• -o results.txt where to save results to (Optional).
• -https enforces https requests which may return a different set of results and increase accuracy (Optional).

Currently, checks for:

Acquia Cloud Site Factory, ActiveCampaign, AfterShip, Aha!, Amazon S3 Bucket, Amazon Cloudfront, Big Cartel, Bitbucket, Brightcove, Campaign Monitor, Cargo Collective, Desk, Fastly, FeedPress, GetResponse, Ghost, Github, Helpjuice, Help Scout, Heroku, Intercom, JetBrains, Kajabi, MailerLite, Mashery, Microsoft Azure, Pantheon.io, Proposify, Shopify, simplebooklet, StatusPage, Surge, Táve, Teamwork, Thinkific, Tictail, Tumblr, Unbounce, UserVoice, Vend Ecommerce, Webflow, Wishpond, WordPress, Zendesk

Copyright (C) 2017 haccer

Source: https://github.com/haccer/